How Windows could kill the Internet

A scary new threat to the Internet has surfaced, and it comes from the forthcoming Windows XP. Independent security expert Steve Gibson’s Gibson Research Corporation site was attacked earlier this month, and he used this attack to study in depth the intricacies of these attacks, what tools are used, what kind of people participate in these attacks, and what ISPs are doing (and not doing) to prevent them.

In brief, GRC.com’s two T1 trunk ‘Net connection with 3.08 megabits of bandwidth in each direction got shut down by a DDoS (Distributed Denial of Service) attack from 474 Windows PCs. He analyzed the traffic, discovered the problem, and after much hassle got the site back up–with the help of his ISP (Verio)–by “shutting down all UDP and ICMP traffic” at the ISP’s router. Mr. Gibson then went on an amazing and extensive analysis/script kiddie hunt and discovered something horrifying: previous versions of Windows (including NT and Me) have an incomplete implementation of the “UNIX sockets” specification, which means a box running older Windows versions can’t “‘spoof’ its source IP or generate malicious TCP packets such as SYN or ACK floods.” However, Win2K and WinXP have full support, meaning these OSes will provide

the ability FOR ANY APPLICATION to generate incredibly malicious Internet traffic. … malicious hackers are already fully aware of the massive malicious power of the new versions of Windows and are waiting impatiently for the “home version” of Windows XP to arrive in the homes of millions of less clueful end users.

Should you worry? Here’s Gibson’s most forceful statement:

When those insecure and maliciously potent Windows XP machines are mated to high-bandwidth Internet connections, we are going to experience an escalation of Internet terrorism the likes of which has never been seen before.

To make matters worse, his study of the problem led him to conclude that “leading consumer ISPs are worse than useless when asked for any form of help relating to Internet security or the welfare of the paying customers” and that the U.S. Government doesn’t yet have the time or resources to focus on these “smaller” attacks that will cripple the Internet. Mr. Gibson has made it a quest to convince Microsoft to do something about this problem.

For more information, please see this article at The Register, which summarizes the IP spoofing problem under WinXP. You can also check this article at The Register, which cites Gibson’s article as a fine piece of journalism on how and why Denial of Service attacks happen. If you’ve got some time, please see the GRC.com article (be ready for a long but incredibly informative read).

RON’S OPINION

I often quickly read through articles just to get a synopsis and overall concept of what truth or opinion is being put forth. However, I took time to click through to the GRC.com article because I was highly disturbed by the glimpse of horror I caught in the two Register articles I read. Steve does a very good job of presenting the facts without bias, as he is just trying to find out why the attacks happened to him and how he could stop them.

What I find most disturbing about this whole thing is that people who have Windows machines can be participating in these attacks and not even know it because they have zombies and trojans on their machines. The other shocking truth that I was aware of is that people who don’t even know how to write these programs can unleash them on specific Internet sites with malicious intent. However, I was not aware of the extent to which this is happening.

Another point Steve makes is that not all personal firewall software prevents your PC from being used in a Denial of Service attack, so people who think they are doing a good thing by installing, for example, Black Ice Defender on their system are not preventing their PCs from being used.

I strongly recommend that you read the GRC.COM article; it is highly enlightening. It also contains an amazing look into the worlds of true hackers and script kiddies.

From the Chief Editor:
Thanks also to God™ and DrunkenMonkey for pointing us to the GRC.com article. DrunkenMonkey has this to say:

If you are one of the following, you should read to the end of his very thorough report:

I’m sure microsoft will release a patch that will stop you from sending or receiving any traffic to the internet except HTTP, or some equally useless patch, just like the outlook one.

The horrifying thing is that this can happen because Microsoft have implemented something *properly* for once ! – by stop 1st post crap

who’s ron?(7:53am EST Fri Jun 01 2001)
who’s ron? who are all these new people?

1st post has a good point…there will be a patch shortly i’m sure. – by me

Uh huh(8:40am EST Fri Jun 01 2001)
Steve Gibson is a sharp guy, and he has done some interesting work. But I frequently laugh when I read some of the stuff that he writes. He comes across as being a very paranoid person. Much of what he writes is intended to spread fear/uncertainty/doubt as a marketing scheme for his own products. No doubt Steve is hard at work on some new personal firewall product that will protect the world from the evil that Microsoft is supposed to be perpetrating on the world by *gasp!* including a complete implementation of a protocol! OMG, how could they possibly do such a thing??? Actually implement a protocol? Scandalous!

People should make up their minds. Are they going to crucify MS for not fully implementing standards? Or are they going to crucify them because they do? You can have it both ways.

I personally think that this whole story is very irresponsible. (postingalias@usa.net) – by Keith Soleil

But these script-kiddies and crackers! Goddamit! What are they trying to gain? They cause all kinds of problems in the net! I’m sure that they (the script-kiddies) live and breathe the internet. So what if THEIR net-connection got screwed? I would just love to be the one who pulls the plug on their net-connection!

What if one day everybody got an e-mail saying “Since the internet has become the playground of losers and script-kiddies, we have decided to shut it down permanently. The Internet will cease to exist exactly 00:00 GMT tomorrow. Thank you, and have a nice day”. Hell, I would love to see the looks on the faces of those script-kiddies then!!! Goddam losers. – by Janne

MS benefiting as usual(8:45am EST Fri Jun 01 2001)
Yet another reason why open source is far superior to closed, proprietary software. I still shake my head at MS’ recent slam of the whole opensource movement.

It’s great that this information has come to light (and yes there will certainly be a patch shortly), but it’s MS that will benefit from this incident far more than end users: MS is getting the services of a world-class expert like Steve Gibson for nothing more than the cost of publishing shoddy software.

– by mike

Gibson? Making Money?(8:48am EST Fri Jun 01 2001)
You will note, if you go to his site, that he gives away many things for free. And, you are right, he is working on a personal firewall software to solve some of these problems, but it is also going to be free. If you read the story cited here, you will find that he was successfully able to fend off allowing his windows “sitting duck laptop” to be used in these attacks with a freeware version of Zone Alarm personal firewall software. Also, if you read his privacy policy, you will find that he says that it is not expensive to exist on the web, and he doesn’t use ads at all on his site. Far from irresponsible I would say. – by BlindGeek007

Ummmm….(8:48am EST Fri Jun 01 2001)
I hate MS as much as the next guy, but if XP has a full support for UNIX sockets, doesn’t that only make them _as_ dangerous, not _more_ dangerous, than all those Linux boxes the script kiddies already know how to use? It doesn’t seem to add that much to the mix, unless the concern is the P2P chaining of all the insecure XP boxes out there. Am I missing something? – by SANman

zombies and trojans(8:58am EST Fri Jun 01 2001)
the problem with Windows machines is that they can be easily infected with, for example, the sub7 trojan, which allows an outsider to take control of a machine without that machine’s user knowing it. Can this be done in Linux? Although I don’t know for sure, I would say yes. However, my operative word for Windows is easy, and that’s what makes the difference. – by BlindGeek007

To extend on that…(9:14am EST Fri Jun 01 2001)
Just to extend on what BlindGeek007 was saying: The reason it is more easy to take over a Win*OS machine is because of its bad access level support. UNIX OS’s and Unix clone OS’s use different levels of access from root, to admin, to service, to user, to program etc…with the point of sandboxing those users and applications into their own levels of access, unless of course at a very high level such as a root (superuser). Of course on a lot of Operating Systems this doesn’t always work due to the existence of exploitable bugs which may allow a user or program on one level to gain access to functions at a higher level (i.e. root exploits).
Most versions of Win*OS on the other hand use either one level (user) of access, with no difference, pretty much root from the time you login to the time you log out, for all users and applications, or they use very poor/weak user access levels, often with the applications still having access to higher levels. – by Wesley Mason

RE: Ummmm….(9:16am EST Fri Jun 01 2001)
XP will only be more dangerous than UNIX in the fact that more people will have it installed on their home machines (come on now, how many non-geeks do you know that use UNIX on a regular basis at home?). After the release of XP, the full socket implementation will be widespread, giving script kiddies more computers to put trojans/zombies on to do their bidding. – by Blk_Kngt

And again..(9:21am EST Fri Jun 01 2001)
And just some more info.
The main reason Win*OS makes little distinction between access levels is to make it easier for the average user to access the system and make changes. But frankly the risks that are in place opened up because of this far outweigh the advantages.
It has always been my opinion that Win32 OS’s and their kin should implement a trusted system. I.E. rather than just having the whole system open, allow the OS to take more care of the security, by limiting applications based on their need (a little more similar to the way NT/2K/XP OS’s handle background security), with the user being informed in plain language of how to change things user a default higher level account (which is simple for them to log into), but also being told fully of the dangers.
Then it is their own stupidity which can only go wrong.
Matters such as this could easily be built with networking security too. But then, this is MS we’re talking about. ) – by Wesley Mason

But Wesley…..(9:32am EST Fri Jun 01 2001)
“Then it is their own stupidity which can only go wrong” — the problem is that most users are stupid, and stupidity will prevail. So instead of solving the problem, your suggestion would merely shift the blame from MS to stupid users. I don’t care who’s to blame for slack security on Windows boxes (or any other machines), I care about tightening that security so “Script Kiddies” will have nothing left to do but go out and get real jobs (after they finish elementary school, that is).– by Rary

Anti-Microsoft propaganda(9:52am EST Fri Jun 01 2001)
So who paid this company to come to this conclusion. Linus, Sun, Apple?

This statement is ridiculous, because it implies that Microsoft is incapable of changing technology to meet security requirements, which hasn’t been the case. Microsoft has done a lot to make its products secure, and will continue to do so. The XP product line hasn’t even been widely implemented and is only in beta form, so to make a grand accusation that Microsoft could kill the internet comes from sheer anti-Microsoft hysteria.

I am not defending Microsoft, I do feel they have dropped the ball on more than one occasion, by introducing terrible security holes in their products, but they have been dedicated to plugging these security holes. As they grow in experience, these security risks will dissapear.

Microsoft is attempting to add an incredible amount of added-value with their products, by making powerful internet applications to do a wide range of things. In many cases, perhaps this technology is more than most people require, but for those that make adequate use of the technology, and rely heavily on it I am sure accept the potential security risks and are sure that Microsoft will do everything they can to protect their interests.– by Johnny

re: Johnny(9:59am EST Fri Jun 01 2001)
This is not about Microsoft being able to adapt their software and operating systems to make them more secure (although I would argue they have yet to impress me with this ability). It’s about people (home users) actively implementing these patches to make their operating systems secure. Probably one of the most effective methods of preventing your PC from being targeted by one of these “zombies” and “trojans” is to install and regularly update anti-virus software, and yet the majority of PC’s out there do not even have this software installed. Furthermore, although there are not many left, some people just want to give out free information for information’s sake. This we should encourage and applaud. – by BlindGeek007

Script Kiddies(10:02am EST Fri Jun 01 2001)
Everyone seems to love to hate these scripters for exposing the weaknesses of OS’s. While they probably do it just to have something to brag about in the school cafeteria, they also play an important role in Internet security. The mere fact that something as easy to create as a script can wreak havoc on millions of computer systems should raise more concern from OS creators than it does. This same wide open security can become a terrorist tool in the wrong hands.

It seems amazing to me that the Department of Defense, who relies heavily on computer communications, has decided to use all Microsoft software on its desktops and servers, knowing the really bad security holes that many MS products have. I know that our local Navy base spent many hundreds of man-hours fighting off the Melissa and ILoveYou scripts. Yet they still use Windows and Outlook. I guess I am just paranoid, but the Chinese and other governments HAVE to know about all of this.

Better script kiddies expose these weaknesses than script terrorists. At least the script kiddies WANT us to notice what they are doing.– by Amazed.

Right….(10:03am EST Fri Jun 01 2001)
If Unix has 95% of the consumer market, imagine how bad it could get… I would say many order of magnitude than XP…We can have a DDOS before breakfast, lunch, and dinner… heck, anytime of the day the “script kiddies” feel like it… The problem is education.. people… and we need a licence of some sort to have a powerful PC/Highspeed connections. Same reason why US has export laws on highend mainframe and software… – by Hahahah

I’d have to disagree…(10:10am EST Fri Jun 01 2001)
Just to quote Johnny, “…these security risks will dissapear [sic]”. Well, unfortunately, that’s absolutely not true. Every time new code is added, or a new Windows version is released, or even a new program is released to work *with* a version of Windows, then new security holes will appear. While they may be “dedicated to plugging these security holes” the fact that there ARE so many is what bothers people- along with the time it takes the Redmond behemoth to actually ADMIT to the mistakes.
Basically, M$ needs to focus a little less on users’ convenience and more on networking security now that more and more home computers are being given broadband connections. Otherwise, much more damage will occur in the future. And I do agree with many previous posters in saying that if that DOES occur, Microsoft will definitely have to shoulder some of the blame. – by UberMachine

Keith(10:19am EST Fri Jun 01 2001)
I think you are wrong. The article isn’t about slamming Microsoft rather it is slamming the irresponsible nature of many delinquents that see fit to ruin things for other people, what to do to stop them, and the real threat that will exist because Windows is such a universal product. – by todd

RE: Amazed(10:29am EST Fri Jun 01 2001)
Script kiddies do NOT advance anyone’s knowledge of anything! That’s what makes a s’kiddie, by definition – they’re the muppets who know just about enough to find and use these tools, but have very little clue about how they work.

Real hackers are the people who discover the vulnerabilities and write the tools, but they don’t tend to go for petulant DDoS attacks against innocent 3rd parties. They have better things to do with their time… – by Gregorach

I say that(10:37am EST Fri Jun 01 2001)
This is another plot by Microsoft to push another piece of software in development. It’ll be called “Take That” and will be aimed towards website administrators and ISPs. This piece of software will automatically start a download to the computer connecting to their system, and install a patch that disallows all fake IP generating. Cost of Take That? $1,000,000

You use windows, yet you bash it (I believe that because you’re obviously too dumb to use unix based systems). Why do people talk/write before they think? Maybe it’s too early…

I think this is a good thing (XP having full UNIX socket spec support). Networking will have to change. Nobody can do a damn thing about it until a new spec is drafted and implemented. I have a feeling this will only push us into the ‘secure’ Internet sooner than later.

I say, Steve Gibson for president! – by God™

If you are interested in security(12:07pm EST Fri Jun 01 2001)
If you are interested in tightening security in your windows machines, let people know about free firewall products such as Zone Alarm and TinyPersonalFirewall –
Both are great products (TPF I find to be oriented to more knowledgeable users)

That is if you are interested in doing something other than complaining. BTW: WinXP will come with some kind of firewall built in – I don’t know if it will stop these kinds of trojans. – by Troy

ZoneAlarm(12:32pm EST Fri Jun 01 2001)
Building on what Troy said, ZoneAlarm’s strengths are simplicity and effectiveness. Even non-technical users can install and configure ZA with a minimum of hand-holding, and the more people we get running it, the better.

The ZoneAlarm free download is at:
privacy utility.

Cheers, – by DrunkenMonkey

Incredible reading(12:51pm EST Fri Jun 01 2001)
Anyone that hasn’t read the article at GRC.com should certainly do so. It has all the mystery and intrigue you would expect in a best-selling novel or Hollywood movie, with a Geek edge to it. It’s pretty terrifying to know that there are 13-year-olds with some incredible network security knowledge that couldn’t care less what they do with that knowledge. – by Ouch

XP(1:14pm EST Fri Jun 01 2001)
I think Microsoft releases OS’s too fast without the proper testing. They need to step back and fix more XP problems before releasing it on the world. This idea of having a new OS every year is sick. They just got most of the fixes into Win2000 and now it will be replaced in 2002 by Win2002.

If you’re a network admin for any system the motto is:

“SOON AS YOU STOP BEING PARANOID THATS WHEN THEY GET YOU” – by RAX

Hey, I like it bEeFsTu01, …..(1:24pm EST Fri Jun 01 2001)
too bad takethat.com is a porn spot. It would have been a great spoof site. A quick million for each ISP to dish out to M$, … maybe.
I don’t think fully implemented UNIX sockets would shut down the Net, but it sure would cause a lot of “download rigamortus” due to Net jams and DDOS attacks. Script kiddies just have to take the fun out of everything Net, don’t they. – by Axe

This is funny……..(1:45pm EST Fri Jun 01 2001)
All of you people are flaming microsoft for a product that has not even been released yet. XP is not going to be released until October so MS has plenty of time to fix the problem. I think most of the posters on the make snap judgements about MS based solely on the fact that they don’t like MS. – by asdf

Wacked Again?(1:49pm EST Fri Jun 01 2001)
Looks like Mr. Gibson’s site goes down more often than a $2 whore. 1:45 EST and no access. Hmmm. – by rufus

Make love, not bot war(2:23pm EST Fri Jun 01 2001)
asdf, I hope they do catch the exploits prior to shipping, but you have to understand the pessimism of readers who have had to install six service packs and numerous hot fixes to NT, some of which caused more problems than they fixed.

Still, I think MS does a decent job of patching stuff and letting the user community know about it, and I sympathize with their software testers, because it ain’t an easy task, especially when you have management and a ship date breathing down your neck.

FYI, they are pulling SP7:
“Based on customer feedback, demand for NT 4.0 hot fixes, and the stability of NT 4.0 SP6a, Microsoft has decided not to release Windows NT 4.0 SP7, originally scheduled to release in the third quarter of 2001.”

And as of 11:17 Pacific, grc pings time out. :(

If his site is vulnerable, so is anyone else’s, so just thank your lucky towel that no one has decided to attack you (yet).

Sheesh, – by DrunkenMonkey

Good news Rax(2:49pm EST Fri Jun 01 2001)
I believe that MS will definitely slow down their OS release cycle. The current state of the many MS OS’s was their response to business demands to keep their products compatible with legacy applications. Apple didn’t do so and lost a lot of users when they upgraded to the PowerPC platform.

Now that MS has one kernel, I think they will return to the 3 year cycle we saw with their other OS’s. – by Steven

asdf(3:31pm EST Fri Jun 01 2001)
This vulnerability also exists in Win2k, which has been on the market for quite awhile now. The main concern with XP is that more home users (ie, novice computer users) will be using XP at home, while 2000 usage at home is mostly among your above-average computer user. – by Ouch

Geek.com hates MS(3:45pm EST Fri Jun 01 2001)
Why do they publish this dubious article as well as every other MS security exploit, but not yesterday’s article about Apache getting hacked? If apache is so important, why wasn’t that news article I read on CNET early yesterday on this site? – by SB

good observation SB…(4:00pm EST Fri Jun 01 2001)
I even submitted a news item on the apache hack yesterday… you’d think it would at least show up on the ‘quicks’… – by God™

You are Paranoid if….(4:03pm EST Fri Jun 01 2001)
Microsoft is always wrong in your eyes…

I read this thread and it is clear if Microsoft found a cure for cancer and gave it away for free some would see it as an evil plot to dominate the world.

This is a case where they followed an established standard that has risks and because they have brought computing to the masses it has a side effect that I am sure will be solved by ship of XP.

It is my firm belief that the attraction to Linux is that it is an OS that “Mom” can’t use. As soon as Linux has a version that is as turn key and easy as Windows and shows up on Mom’s Gateway Special, the rebel OS crowd will find a new religion.
When “Mom” is using Linux there will be a move to support a more elegant solution (say Snoopyux) – by Joe Cool

re: Geek.com hates MS(4:04pm EST Fri Jun 01 2001)
Yes, I too read the article posted on The Register about this hack. They basically said that although the hacker claimed to have changed some code in the application, the experts found no code changed, and not much damage done. – by BlindGeek007

BlindGeek007(5:05pm EST Fri Jun 01 2001)
Not much damage done? Perhaps you should read the GRC.com article that The Register summarizes. GRC.com had a sustained DDoS attack against them that took their site down for 17 hours in early May, had off-and-on instances where the site was unavailable for another week until their ISP implemented a filter that would keep their website up, and again today is getting hit so hard that Steve Gibson has basically thrown in the towel and said he can’t fight the attacks and the only way he can keep his site up is if the attacks stop. That certainly doesn’t sound like “not much damage done”. Just wait until it happens to a site you frequent. With some advertising-supported sites barely keeping their heads above water (while many fold completely), any sustained outage can easily lead to the end of a site these days. And there’s really nothing that can be done to prevent these attacks without help from the ISP’s that seem to care very little. – by Ouch

It really doesn’t matter !(5:08pm EST Fri Jun 01 2001)
a True hacker can do this with win98 or winxp

it’s just easier for them on winxp.

if a hacker wants to do something he will keep trying till he gets it !

so who cares if it’s easier to do it ?
if you are targeted you are screwed no matter what ! – by Goden

It’s like idiots at college vending machines putting foil into the microwave. Doing something damaging with no redeeming value.

I care because I don’t want to be denied access to my favorite sites just because someone with bots decides to DDoS them.

If a mainstream OS makes it easier to do spoofed DDoS attacks, more maladjusted script kiddies (is that redundant?) may try it.

You are screwed if people with high-bandwidth connections unwittingly allow their machines to host attacks on your servers, so instead of bending over, how about helping to educate your friends and peers? – by DrunkenMonkey

This is not a joke..(5:42pm EST Fri Jun 01 2001)
I had just finished supplying information to abuse@home.com in Redwood City, CA. and provided them with the URL and IP address of someone who tried to probe my port 27374 for trojan horses. Then I read Steve’s article, and duh, it wasn’t too hard to put two and two together. Steve gives some DOS line commands, dll’s, and registry lines to check for this crap. Zonealarm 2.6 did block this intrusion. – by FacetheMusic

Re: Hahahah(6:08pm EST Fri Jun 01 2001)
“If Unix has 95% of the consumer market, imagine how bad it could get… I would say many order of magnitude than XP…We can have a DDOS before breakfast, lunch, and dinner… heck, anytime of the day the “script kiddies” feel like it…”

Read BlindGeek007’s post a few prior to yours on user levels and his adept use of the operative keyword “easy”.

“and we need a licence of some sort to have a powerful PC/Highspeed connections.”

Sure, give them an excuse to jack up the price of broadband even more than it is now. You don’t need a powerful PC to run any of these silly scripts, and (using your licensing scenario) the trojan can be tacked on to one of the licensed computer from an unlicensed one using a 56K modem (or a jerk-off employee at a terminal). – by Bleh

Just to stir up the pot,(8:28pm EST Fri Jun 01 2001)
One entry found for hacker.

Main Entry: hack·er
Pronunciation: ‘ha-k&r
Function: noun
Date: 14th century
1 : one that hacks
2 : a person who is inexperienced or unskilled at a particular activity
3 : an expert at programming and solving problems with a computer
4 : a person who illegally gains access to and sometimes tampers with information in a computer system

This is from Merriam Webster’s online dictionary. I notice how everyone on this site has their own idea of what a hacker is, so I thought you might like to know what a widespread dictionary definition was. I like the 1st one best myself! – by Packaday 420

That quote is(8:58pm EST Fri Jun 01 2001)
usually attributed to Jamie Zawinski, one of the Netscape founders. – by xxxx

Stirring the pot in the other direction :)(9:23pm EST Fri Jun 01 2001)
“…Raymond lists five possible characteristics that qualify one as a hacker, which we paraphrase here:

A person who enjoys learning details of a programming language or system
A person who enjoys actually doing the programming rather than just theorizing about it
A person capable of appreciating someone else’s hacking
A person who picks up programming quickly
A person who is an expert at a particular programming language or system, as in “UNIX hacker”

Raymond deprecates the use of this term for someone who attempts to crack someone else’s system or otherwise uses programming or expert knowledge to act maliciously. He prefers the term cracker for this meaning.

-from whatis.com

Did you guys see this?

Wow. – by DrunkenMonkey

I hope(11:23pm EST Fri Jun 01 2001)
They do get all the problems fixed with windows XP. It is about time they fully programmed all the UNIX protocols. I hope they will also include NFS as part of the OS so it will be able to connect to system other than Microsoft out of the box(instead of having to buy the UNIX package for $200). If they had done this from the start they would be over the hurdle already. Now if they would dump that stupid registry they might have a better and more stable product.
I just had to hack the thing this week and it makes no sense at all. What moron came up with that complex crap.

Anyway good luck XP – by Rax

Re:Interesting Anon Internet Quote (11:34pm EST Fri Jun 01 2001)
“Windows not free even if your time and data is worthless”– by pherthyl

Re:Interesting Anon Internet Quote (11:35pm EST Fri Jun 01 2001)
“Windows is not free even if your time and data is worthless”– by pherthyl

Question(11:40pm EST Fri Jun 01 2001)
What is the easiest way of making sure your computer is secure? I mean can I test if my firewall stuff is working correctly? – by wondering

oh yeah, this anti-ms shit…(11:49pm EST Fri Jun 01 2001)
is just ridiculous.
NEWS FLASH: News sites are supposed to be unbiased. “How Windows could kill the Internet” is such an idiotic and unrelated title it’s unbelievable.

Whoever came up with the idea of slapping totally misinformed titles on stories just to attract readers is brain damaged. I think ZDNet was one of the first with their stupid “Linus bashes OS X” story. – by pherthyl

RE:wondering(2:37am EST Sat Jun 02 2001)
“What is the easiest way of making sure your computer is secure?”

Disconnect it from the internet.

Other than that keep your eye and your mind open. As long as you’re on the net someone will try to hack in. If you have a linux system you can use Nmap to scan your system for open ports. If it is windows Steven might know of a tool the windows hackers use. – by Rax

When grc.com isn’t being DDoS’ed, it offers an online security check. Click on the “Shields Up” links. As of this writing, it is offline, since running the test during the DDoS attack could yield misleading results.

Steve Gibson also has a downloadable utility called that will tell you if your system allows trojans to send data through your Internet connection.

Cheers, – by DrunkenMonkey

ohh yeah distroy MS(11:08am EST Sat Jun 02 2001)
This is the real worls ant the trut this men hear is telling the big true yo MS. MS is the biggest monopoly in the world and the most vulnerabel SYSOP
this the real evry day a MS Operating System is distroy on internet
the worl is going to change an linux going to kick your ass for ever..
this is the new trut Linux has the security, stability and now user frendly than ever this is real.
“There is now problem witch Windows that Linux Can FiXXXXXX”– by Blade_Scorpions

Install a personal firewall(11:36am EST Sat Jun 02 2001)
Install something like ZoneAlarm from zonelabs.com or TinyPersonal firewall from tinysoftware.com – also run a current anti-virus checker, and you will be halfway to secure. TPF also comes with a status tool that shows you all ports that are currently connected in real time and can log every rule you set.

– Also – Blade_Scorpions – you are full of Sh*t. – by Member

“Stupid” Users(12:23pm EST Sat Jun 02 2001)
Since I didn’t see any subsequent posts disputing Rary’s assertion that, “most users are stupid,” I’ll have to assume that’s a commonly held belief among those who post here.

By definition, computer users are those who turn on their machines with the intent of accomplishing work or play, not tweaking the OS or BIOS. Those who make their living supporting users shouldn’t disparage their customers.

Additionally, if either the MacOS or Linux dominated the market, the “script kiddies” would attack those systems. – by XX-User

Won’t You Please Help(3:23pm EST Sat Jun 02 2001)
I’m starting a collection to buy Blade_Scorpions a functional keyboard and a copy of the Merriam-Webster dictionary on cd.

Your tax-deductible donation will provide remedial grade school education with emphasis on spelling, as well as a diet rich in Twinkies and Diet Coke.

/me has better things to do than h4X0r new kernels and device drivers – by Sally Struthers

2 things to say(11:48pm EST Sat Jun 02 2001)
The first being — “People in Wisconsin have WAYYY!!! tooo much time on their hands… GET A LIFE”

The second is–“Who says our educational system is failing? If a 13 year old can HEX edit, I think we’re doing pretty damn good”

– by ARATHORN

next inventive step(7:00am EST Sun Jun 03 2001)
A small company in the UK has the answer to the next inventive step, but until the infringement of our so-called new technology, which is in fact a new higher ceiling, is put right, the infringers will search until doomsday for the rest of OUR INTELLECTUAL PROPERTY. The companies that are guilty of this conspiracy to deprive are not just depriving us but everyone on the planet. Thank you – by mr random

Lighten up, MS fans(12:41pm EST Sun Jun 03 2001)
Anyone who actually read this news item or the GRC.com article and thinks it’s anti-Microsoft is very very silly. The point of this news item isn’t to bash MS, but to point out that we should all be aware that installing WinXP as it currently stands will open up our computers (and the ‘Net) to more easy s’kiddie attacks. Mr. Gibson is sending a letter to MS because MS is making the OS and can probably do something about this problem before it hits the market and gets installed on millions of machines. I’m psyched that WinXP will have UNIX sockets fully implemented, but that doesn’t mean the MS programmers can’t put some new security in the OS to stop the presence of zombies and DDoS participation. Gibson’s article is also a fascinating glimpse into the real world of hackers and s’kiddies and greedy/lazy ISPs. MS defenders get so bent out of shape any time something negative is pointed out about an MS product … this is a great example. Ron (the article’s author) isn’t bashing MS at all … he’s just pointing out (as are DrunkenMonkey and GodTM) that the next version of Windows, as the dominant desktop OS, may engender a major Internet security problem if people are unaware of the problem or if MS doesn’t come up with a security patch. It’s really more about how cheesy s’kiddies can be. Relax, folks. Mentioning a problem with Windows doesn’t mean this site or any author hates Microsoft. Instead of getting your panties in a bunch, read the articles and take a few deep breaths. – by Mr. Perspective

a thought(10:38am EST Mon Jun 04 2001)
what if it is some of our favorite sites being attacked, in particular this site?? – by Thinking

ya know…(11:59am EST Mon Jun 04 2001)
if you read what MS has already done with the OS, it should be ok for mass installation on idiot’s (general public’s) computers.

Doesn’t XP have a built-in firewall? Problem solved (and if someone doesn’t implement it… well, you can’t force them?). People will still open up attachments and such, but at least the network traffic won’t (shouldn’t) go through (hmmm… if the firewall package does MD5 sig checking like tiny software’s personalFirewall, MS can even update an MD5 list of banned apps/trojans with their regular critical updates). – by God™

No idea…(12:08pm EST Mon Jun 04 2001)
I thought I can speak English, but I have no idea what is this talk about. I am the kind of a stupid user, that wants to write something, play something, surf somewhere. Please, do not hack or crack my old PII 400. I do not like zombies, horses do not fit into my flat and the phone lines in this part of Europe are the best firewall you can imagine. Not even my e-mail is able to reach my machine. So, I will wait few years and if you solve this “frog-mouse” war, I will be ready to install the surrender.
Have fun!!! – by Stupid

script kiddes…(3:50pm EST Mon Jun 04 2001)
Script kiddies piss me off more than hackers or crackers. I think that you should be punished more if you are caught using someone else’s code. – by joanfi

a thought(6:46pm EST Mon Jun 04 2001)
those people that write the script kiddies’ programs really need to think about what they have done.
I bet the writer was just trying to make himself hard to be found since so many script kiddies are using their programs. – by OOO

us non geek users(11:22am EST Thu Jun 07 2001)
Hello, no, I’m not a Linux user “but tried it” and I can’t write hack programs or script other than a batch file in DOS.
It sounds to me that you all bash the dominant user of a computer system.
Why don’t you try helping them instead of
calling them stupid. Remember, if you can teach the so-called stupid user then you wouldn’t need a post about them being stupid. So now you can write something like hey new user to computer here is what you need to do. Makes more sense to me…………. – by john

new user- one that doesn’t know how to turn one on….
windows-users one that uses the internet and other programs but doesn’t have a clue nor cares how it all works.

stupid as some here say-
don’t use precautions like firewalls
antivirus software and all that.
oh and don’t forget one that wants what Microsoft should have done in the first place make a stable home user operating system like XP is supposed to be.

then you users- ones that complain about
win9x users and call us dumb because we don’t use Linux or like me have tried it and couldn’t figure it out.

Maybe you can try to help us by writing something that matters to us as well
like some said awesome web site for users that don’t know much about how it all works.
and for you Linux users it is going to take us stupid users to learn it before Windows will ever be out remember that– by john again

MS(1:57pm EST Thu Aug 30 2001)
Yea sure blame it on the hackers and kiddies. That will surely stop them. And then the Windows XP will be the best OS ever.
And those stupid programmers that have the skills to make the programs to feed the kiddies. O yea they are really dumb. You don’t need any brains to make programs (no really you don’t, there are people out there writing Window versions).
You can always sit down, relax and blame the other person.
You can be sure the kiddies and hackers don’t. – by voltath

is it gone?(3:23am EST Sat Sep 14 2002)
If Unix has 95% of the consumer market, imagine how bad it could get… I would say many order of magnitude than XP…We can have a DDOS before breakfast, lunch, and dinner… heck, anytime of the day the “script kiddies” feel like it…
“quote”

well said, it’s always about who is on top. The top dog must fall.
nuff ~ said – by nuff said